Chinese Hackers Exploit Critical Zero-Day in Cisco Security Equipment

Chinese hackers exploit a critical zero-day in Cisco's email security; ongoing since November with no patch available yet.

By Content Team

Dec 20, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Chinese state-sponsored hackers are actively exploiting a critical zero-day vulnerability in Cisco's email security products, the company warned Wednesday. The flaw (CVE-2025-20393) affects Secure Email Gateway and Web Manager appliances, allowing attackers to execute commands with full system privileges.

Cisco's Talos team discovered the attacks on December 10, but they've been ongoing since late November. The hackers, tracked as UAT-9686, deployed custom tools including AquaShell backdoor and AquaTunnel for remote access. They're targeting devices with certain internet-facing ports open.

No patch is available yet, and Cisco hasn't identified workarounds. CISA ordered federal agencies to address the vulnerability by December 24.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Target Zero-Day Flaw in Old D-Link Routers No Longer Getting Updates

Jan 8, 2026

FortiGate Firewalls Under Attack: Hackers Exploit Critical Vulnerabilities to Steal Corporate Credentials

Mar 15, 2026

ShinyHunters Cybercriminals Expand Cloud-Targeting Extortion Operations

Feb 2, 2026

Hackers Selling $220,000 Windows Zero-Day Exploit on Dark Web

Mar 9, 2026